[keystone][ldap]

Amjad Kotobi kotobi at dkrz.de
Wed May 20 12:41:26 UTC 2020


Hi all,

I’m integrating keystone with LDAP, and have “service accounts”, e.g. Nova, keystone etc., which are in the database.
As soon as I connect it to LDAP, all authentication fails. How can I have both “service accounts” and “LDAP users” connected to Keystone?

Here is my keystone.conf 


###################
[ldap]

url = ldap://XXXXX
user = uid=XXX,cn=sysaccounts,cn=etc,dc=XXX,dc=de
password = dkrzprox
user_tree_dn = cn=users,cn=accounts,dc=XXX,dc=de
user_objectclass = posixAccount
user_id_attribute = uid
user_name_attribute = uid
user_allow_create = false
user_allow_update = false
user_allow_delete = false
group_tree_dn = cn=groups,cn=accounts,dc=XXX,dc=de
group_objectclass = groupOfNames
group_id_attribute = cn
group_name_attribute = cn
group_member_attribute = member
group_desc_attribute = description
group_allow_create = false
group_allow_update = false
group_allow_delete = false
use_pool = true
use_auth_pool = true
debug_level = 4095
query_scope = sub

[identity]

driver = ldap

#####################

OS: CentOS 7
OpenStack-Release: Train

Any idea or example of options would be great!


Thank you
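
An added example, not part of the original post and not Keystone project code: a small check over the posted settings. It flags that `[identity] driver = ldap` without `domain_specific_drivers_enabled` leaves LDAP as the only identity backend, so users kept in the SQL database are no longer looked up, and that the `ldap://` URL is used without `use_tls`. The function name, the finding codes and the comparison layout are assumptions for illustration.

```python
import configparser

# Constructed sample: the relevant keys from the keystone.conf in the post,
# with the same XXX placeholders and the bind password replaced.
POSTED_CONF = """
[ldap]
url = ldap://XXXXX
user = uid=XXX,cn=sysaccounts,cn=etc,dc=XXX,dc=de
password = PLACEHOLDER
[identity]
driver = ldap
"""

# Hypothetical layout for comparison: SQL stays the default backend and the
# [ldap] section moves to a per-domain file (keystone.<domain_name>.conf)
# under domain_config_dir.
SPLIT_CONF = """
[identity]
driver = sql
domain_specific_drivers_enabled = true
domain_config_dir = /etc/keystone/domains
"""


def audit_keystone_conf(text):
    """Return a list of finding codes for one keystone.conf body."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    driver = cp.get("identity", "driver", fallback="sql")
    per_domain = cp.getboolean(
        "identity", "domain_specific_drivers_enabled", fallback=False)
    if driver == "ldap" and not per_domain:
        # Every domain, including the one holding the service users, is
        # resolved in LDAP only; users stored in SQL are not found.
        findings.append("ldap-is-only-identity-backend")
    if cp.has_section("ldap"):
        url = cp.get("ldap", "url", fallback="")
        use_tls = cp.getboolean("ldap", "use_tls", fallback=False)
        if url.startswith("ldap://") and not use_tls:
            # The bind password and user passwords travel unencrypted.
            findings.append("ldap-bind-without-tls")
    return findings


if __name__ == "__main__":
    print("posted:", audit_keystone_conf(POSTED_CONF))
    print("split: ", audit_keystone_conf(SPLIT_CONF))
```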


